6.5

CVE-2024-8096

Exploit

EPSS 0.21%
Veröffentlicht 11.09.2024 10:15:02
Zuletzt bearbeitet 30.07.2025 19:42:16
Quelle 2499f714-1537-4658-8207-48ae4b
Teams Watchlist Login
Unerledigt Login

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.  If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haxx ≫ Curl Version >= 7.41.0 < 8.10.0

Debian ≫ Debian Linux Version11.0

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ Ontap Tools Version10 SwPlatformvmware_vsphere

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.429

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://curl.se/docs/CVE-2024-8096.html

Vendor Advisory

https://curl.se/docs/CVE-2024-8096.json

Vendor Advisory

https://hackerone.com/reports/2669852

Third Party Advisory

Exploit

Issue Tracking

http://www.openwall.com/lists/oss-security/2024/09/11/1

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20241011-0005/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-8096

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8096

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8096

EUVD